Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Andrew Ferraiuolo; Rui Xu; Danfeng Zhang; Andrew C. Myers; G. Edward Sun

首页> 外文期刊>Computer architecture news >Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

【24h】

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

机译：通过静态信息流分析验证实用的硬件安全体系结构

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Hardware-based mechanisms for software isolation are becoming increasingly popular, but implementing these mechanisms correctly has proved difficult, undermining the root of security. This work introduces an effective way to formally verify important properties of such hardware security mechanisms. In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis. We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture. To make the security-typed HDL expressive enough to verify a realistic processor, we develop new type system features. Our experiments suggest that information flow analysis is efficient, and programmer effort is modest. We also show that information flow constraints are an effective way to detect hardware vulnerabilities, including several found in commercial processors.

机译：基于硬件的软件隔离机制正变得越来越流行，但是事实证明，正确实现这些机制很困难，从而破坏了安全性的根源。这项工作引入了一种有效的方式来正式验证此类硬件安全机制的重要属性。在我们的方法中，硬件是使用执行静态信息流分析的轻型安全性类型的硬件描述语言（HDL）开发的。通过实现和验证ARM TrustZone体系结构的简化但现实的多核原型，我们展示了我们方法的实用性。为了使安全类型的HDL具有足够的表现力来验证实际的处理器，我们开发了新型的系统功能。我们的实验表明，信息流分析是有效的，程序员的工作量很少。我们还表明，信息流约束是检测硬件漏洞的有效方法，其中包括在商用处理器中发现的几个漏洞。

著录项

来源
《Computer architecture news》 |2017年第1期|555-568|共14页
作者
Andrew Ferraiuolo; Rui Xu; Danfeng Zhang; Andrew C. Myers; G. Edward Sun;
展开▼
作者单位

Cornell University, Ithaca, NY;

Cornell University, Ithaca, NY;

Penn State University, University Park, PA;

Cornell University, Ithaca, NY;

Cornell University, Ithaca, NY;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis [J] . Ferraiuolo Andrew, Xu Rui, Zhang Danfeng, ACM SIGPLAN Notices: A Monthly Publication of the Special Interest Group on Programming Languages . 2017,第4期

机译：通过静态信息流分析验证实用硬件安全架构
2. Verifying cache architecture vulnerabilities using a formal security verification flow [J] . Ghasempouri Tara, Raik Jaan, Paul Kolin, Microelectronics reliability . 2021,第Apra期

机译：使用正式安全验证流程验证缓存架构漏洞
3. Theorem proof based gate level information flow tracking for hardware security verification [J] . Qin Maoyuan, Hu Wei, Wang Xinmu, Computers & Security . 2019,第AUGa期

机译：基于定理证明的门级信息流跟踪，用于硬件安全验证
4. Property Specific Information Flow Analysis for Hardware Security Verification [C] . Wei Hu, Armaiti Ardeshiricham, Mustafa S Gobulukoglu, IEEE/ACM International Conference on Computer-Aided Design . 2018

机译：用于硬件安全验证的特定于属性的信息流分析
5. Harmonizing data mining and static analysis to tackle hardware and system level verification. [D] . Liu, Lingyi. 2013

机译：协调数据挖掘和静态分析以解决硬件和系统级验证。
6. Security Architecture and Protocol for Trust Verifications Regarding the Integrity of Files Stored in Cloud Services [O] . Alexandre Pinheiro, Edna Dias Canedo, Rafael Timoteo de Sousa Junior, 2018

机译：用于存储在云服务中的文件完整性的信任验证的安全体系结构和协议
7. Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis [O] . Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, 2017

机译：通过静态信息流分析验证实用硬件安全架构

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

摘要

著录项

相似文献

相关主题

期刊订阅